authenticate() test for locked/disabled accounts regardless of password match

Description

Locked or disabled accounts should always show the same error message regardless of whether the password is a match, to avoid brute force/enumeration.

Environment

None

Fixed

Created October 26, 2018 at 4:25 AM
Updated October 26, 2018 at 4:35 AM
Resolved October 26, 2018 at 4:35 AM
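
The behaviour requested in the description, as an added example that is not the project's own code: `authenticate_leaky` is a hypothetical "before" shape in which the locked/disabled message only appears after a correct password, and `authenticate` returns the same result for such accounts whether or not the password matches. The `Account` class, the helper names and both message strings are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed message texts; the ticket does not give the real wording.
GENERIC_ERROR = "Invalid username or password."
UNAVAILABLE_ERROR = "This account is locked or disabled."

@dataclass
class Account:  # hypothetical account record
    salt: bytes
    pw_hash: bytes
    locked: bool = False
    disabled: bool = False

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password: str, **flags) -> Account:
    salt = os.urandom(16)
    return Account(salt, _hash(password, salt), **flags)

def authenticate_leaky(acct: Account, password: str):
    """'Before' shape: account status is reported only once the password matched."""
    if not hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        return (False, GENERIC_ERROR)
    if acct.locked or acct.disabled:
        # Differs from the wrong-password reply, so it confirms a correct guess.
        return (False, UNAVAILABLE_ERROR)
    return (True, "")

def authenticate(acct: Account, password: str):
    """Locked/disabled outcome never depends on the password comparison."""
    # Run the comparison unconditionally so both paths do the same work.
    matched = hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash)
    if acct.locked or acct.disabled:
        return (False, UNAVAILABLE_ERROR)  # identical for right and wrong guesses
    if not matched:
        return (False, GENERIC_ERROR)
    return (True, "")
```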